Bug 1047442 (CVE-2017-10929) - [devel:tools]: CVE-2017-10929: The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via
Summary: [devel:tools]: CVE-2017-10929: The grub_memmove function in shlr/grub/kern/mi...
Status: RESOLVED FIXED
Alias: CVE-2017-10929
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/187862/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-06 06:43 UTC by Marcus Meissner
Modified: 2017-07-06 10:35 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Marcus Meissner 2017-07-06 06:43:11 UTC
CVE-2017-10929

The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows
remote attackers to cause a denial of service (heap-based buffer overflow and
application crash) or possibly have unspecified other impact via a crafted
binary file, possibly related to a read overflow in the
grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10929
https://github.com/radare/radare2/issues/7855
https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e85
Comment 1 Daniel Molkentin 2017-07-06 10:01:37 UTC
Fixed in sr#508478. Please review & accept. Reassigning to security team.
Comment 2 Marcus Meissner 2017-07-06 10:35:01 UTC
accepted